How to authenticate bluetooth communication between Raspberry and Android - android

I created an application on the Raspberry (using QT bluetooth module) that publishes a service with a specific UUID and waits on a rfcomm socket. I was able from my Android application to pair with the Raspberry, to find the service and exchange data using sockets. The Android application simply asks to the user if he wants to pair with the Raspberry, without pin confirmation. Now I would like to add an authentication step, a simple pin or passkey, to allow the connection only to those who know it. I can change the Android application to show a dialog allowing the user to insert the pin, in such a way the application on Raspberry can verify the correctness of the pin and eventually close the socket, but this solution is obviously valid only for the devices with my application. Is there a way to implement a similar solution during the pairing process, in order to make it available to every devices? I tried among the QT functions but I didn't find anything that could help me. Thank you

There is a flaw in your design which is if you plan on authenticating with a pin the raspberry pi needs some way to tell the user what the pin should be. If you don't have a screen or output of some kind on the raspberry pi then the pin would be useless because you have no way to generate a random pin and then tell the user what it should be.
Depending on the application you are usually fine not having an authentication pin ect. Think about most Bluetooth devices you use, none of them have any authentication you can just click pair.
Here are some other options I can think of:
1) Detect when you have already connected to a device on the raspberry pi and not broadcast the service so once you are connected to a device another device cant also connect and cause issues.
2) Have a button on the raspberry pi and only broadcast the publish service for 1 min after pressing the button
3) get a screen or someway of outputting information to the user from the raspberry pi to show them the pin to enter on their phone

Related

Choosing WiFi network from app on Android Things device (Raspberry Pi 3)

I'm running Android Things on a Raspberry Pi 3 with a touch screen attached.
I would like to be able to access and update wifi settings in my app. I.e. be able to show a list of scanned wifi networks and let the user pick one and type in a password.
This would be useful when bringing the device to another building with a different wifi network, for example.
Is this possible? Or is the only way to change the wifi connection to do one of the actions described here: https://developer.android.com/things/hardware/raspberrypi.html#connecting_wi-fi
Thanks!
There are APIs which can be used to setup Wi-Fi networks programmatically. This means you can do all the scanning and connecting inside of your app.

Bluetooth pairing without pin code

I am a newbie working on bluetooth, and I would like to get some advice regarding the pairing process. I have googled this but I did not find much information ...
My goal is simple: I want to do a pairing to a headset without entering a pin. I have an android (nexus S running Android 4.1.2) and an iphone (3GS running ios 6.1.3).
If I connect to a device like a Jabra BT3030 (bluetooth headset), the pairing is performed without asking me any pin code.
Now I want to do the same from an Ubuntu (with BlueZ 4.6), i.e. I fake a bluetooth headset by enable only the correct service and so on. I disabled the authentication.
When I pair my iphone to this device, no pin code is required (as expected), but when I connect from my Android device, it still asks me for a pin code, whereas I would expect to have the same behavior than with the Jabra.
Would you have any idea of what I am missing here?
Thanks in advance,
Best regards,
Guillaume
Android Uses UUID for pairing and connection for two devices...for two devices conneting, one device should send request and one should accept and for both UUID should be same...
Like also used bluetooth there I need to intall my android app to both the devices then only I can pair the two devices...because only that app is knowing the UUID. and for iPhone it may be different so if from the native code of iOS u can know the UUID ur android device can be paired through app...
The Standard password for a Jabra BT3030 is 0000. Many other bluetooth devices have a standard password. For the Case a system only accepts devices with passwords, and u cant enter a pasword on a device without keys :D
Maybe the solution is implementing the standard passwords for mutliple devices and use them instead f forcing a connection without password.

Is there a way for automatic/programatic pairing of 2 bluetooth devices in android?

I am developing an application which connects devices over bluetooth and exchanges messages. It works fine for paired devices, but I would also like it to automatically pair devices that are not paired. Like for example it could store and use the same PIN for pairing requests, I just dont know how to manage this request programatically in my applciation, how to automatically set and send the PIN when you get a pairing request and how to initiate such a request with the predefined PIN code.
Any snippets or thoughts would be highly appreciated! :)
EDIT:
I know its risky, I am developing this app for emergency situations only where no other means but bluetooth is available. Also is there maybe a way of premature pairing with devices without even connecting to them? Like lets say there is a list of MAC Addresses of those devices and I can use them to generate a bond with that devices so that they appear paired on my device?
You can't do this. To do what you want to do would create a huge security risk. Think about it, my device just comes anywhere in bluetooth range of yours and now I can send you anything I want without you knowing? You can't really do this and I highly recommend not trying to subvert it.
Reflecting the setPin method allowed me to send the pin automatically to the other device. I had to implement it in a broadcast receiver that is listening for pairing requests. Although I cant get rid of the dialog it just stucks there on the screen and I dont know how to close it (programatically) and continue the bonding procedure since this dialog is called from inside connect() which is a blocking method. I am not giving up on it yet though :)
With Bluetooth version 2.1 and above there is a method of pairing called the 'just works' association model. This is the lowest security method of pairing and has no protection against man-in-the-middle attacks.
However, this will provide a secure, encrypted link without the need to exchange pin numbers or verify device ID.
The API on different platforms may differ but the underlying HCI messages require that you indicate that your device (or one of the devices) has the following IO capabilities:
No Keyboard, No Display.
As you might have guessed, this is a mode for very
simple devices that use Bluetooth, such as a speaker or headphones.
If you can find the API to configure that, then the 'just works' association mode of Secure Simple Pairing will be used for pairing.
The next step is to store the link keys e.g. bonding. Many devices e.g. mobile phones, will still create a dialogue box to the user to ask if they want to 'remember this device', as user authorisation is specified by the BT specifications... but that's another problem.

Is it possible to exchange messages between 2 android devices through wifi?

I am currently working on the creation of an application for mobile devices with Android which should be capable of sending and receiving messages through local means like wifi and bluetooth. After making a research about it I found out that Android doesn't have a native wifi ad hoc functionality and that the only way to achieve that is through rooting your device and patching the wpa_suplicant and some other similiar methods which are not generic for every device.
Synopsis of what I am trying to achieve:
An application for Android that scans for devices nearby and tries to connect to them automatically. If the other device also got this application isntalled then it automatically accepts any connection request it receives and when the connection is established it sends back a message which ensures that it has this app installed so that both can start exchanging messages automatically and the users don't have to allow/deny any of the sending/receiving in real time.
My questions are:
Is there any way of sending messages through wifi between 2 android
devices without the use of internet?
Since Ad Hoc is not supported, is there any alternative?
In case the answer to 2 is no , then is it possible to make one of
the devices to be an access point so the other can connect to it and
vice versa.
As for bluetooth, is it possible to skip or automate the allow/deny
pop up of an incoming connection and the pairing procedure?
I'll be glad if you could give me an answer to those and/or any suggestions.
You'll be able to communicate between two devices over wifi without a router/access point using Wifi Direct (P2P) in Android 4.0.
Otherwise, I don't believe you can achieve this over Wifi (bluetooth would be the next best alternative). Since 2.2 you can set your phone up to be a Wifi Access Point (for tethering your device's network connection), but during this time, the Wifi hardware is unavailable for normal use. If you had 3 devices it could work (1 AP, 2 connecting to it).
Is this for a constant connection, or a one-off small delivery? You could use NFC if you want to transmit a URL for example (Android Beam integrates this type of sharing in Android 4.0, but could implement it in 2.3).

Android P2P idea

I've been looking around for some way to simulate Peer 2 Peer for games on the android and the best way I've been able to come up with is connected an android to a server and then routing through that server. I'm just looking for some thoughts on my way of solving the solution so that you could literally type in someones phone number and try and connect to them.
By use of a service module to check incoming text messages, which would be properly formatted for detection, it would interpret that another phone is trying to request a connection to another one of the androids applications. If the application is found it would then prompt the user as to if they wished to connect to the other person. If yes, their phone would send back a text message to the original phones, which also has the messaging system installed on it, which states it would like to connect and that this is my current IP address. The original phone, or host phone, would then open a connection with the other users phone via the Internet at which point the newly made connection could be used to transfer information back and forth.
Basic list layout
Service module:
- Writes/Receives formatted text messages to alert/verify someone is trying to connect to an application of theirs
- Sender attempts to make a connection with the recipient phone, which takes connection and passes to desired application along with sending back a confirmation package
- On confirmation Sender phone passes connection to original desired application.
Any thoughts, ideas, constructive criticism would be helpful.
* srry for bold, but I hope you understand why.
the best way I've been able to come up with is connected an android to a server and then routing through that server
This is called TURN P2P implementation. You want to read about STUNT implementations too. You'll probably be interested in the JXTA P2P framework.

Categories

Resources